The present arrangements relate to performing security analysis of software applications and, more particularly, to analyzing vulnerable information flows.
Security scanning of software applications has traditionally been implemented in one of two ways: black-box scanning or static program analysis. A black-box scan is a security test in which an analysis tool (i.e., a black-box scanner) tests an application for security vulnerabilities while the application executes, for instance by simulating any of a variety of known techniques intended to circumvent security measures. For example, if testing a web-based application, the analysis tool may simulate a cross-site scripting (XSS) attack or a SQL injection attack by attempting to inject malicious scripts, or payloads, into the application. When performing black-box scanning, the black-box scanner assumes no prior knowledge of the application being tested.
A static program analysis is an analysis of a static representation of an application. In most cases, the analysis is performed on some version of the application's source code, and in other cases on some form of object code. A static program analysis, for example, may analyze a control flow graph generated for the application to identify security vulnerabilities that may be present in the application.
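As an added illustration (not code from the original text or from any particular analysis tool), the following Python implements a minimal forward taint analysis over a hand-constructed control flow graph, showing how a static analysis flags a vulnerable information flow from an untrusted source to a sensitive sink when one path skips the sanitizer; the source, sanitizer and sink names are assumptions chosen for the example.

```python
# Added example: forward taint propagation over a small control-flow graph.
# The CFG, statement encoding and call names below are constructed for this
# illustration; they do not come from any real analyzer or application.

SOURCES = {"http_param"}      # calls returning attacker-controlled data
SANITIZERS = {"escape_sql"}   # calls whose result is considered clean
SINKS = {"sql_execute"}       # calls that must never receive tainted data

# Each node: {"stmt": (dst, call, args), "succ": [successor ids]}.
# A statement means dst = call(*args); dst is None when nothing is assigned.
CFG = {
    "n1": {"stmt": ("name", "http_param", ["'user'"]), "succ": ["n2"]},
    "n2": {"stmt": (None, "branch", ["flag"]), "succ": ["n3", "n4"]},
    "n3": {"stmt": ("safe", "escape_sql", ["name"]), "succ": ["n5"]},  # sanitized path
    "n4": {"stmt": ("safe", "assign", ["name"]), "succ": ["n5"]},      # raw copy path
    "n5": {"stmt": ("query", "concat", ["'SELECT ...'", "safe"]), "succ": ["n6"]},
    "n6": {"stmt": (None, "sql_execute", ["query"]), "succ": []},
}

def find_vulnerable_flows(cfg, entry):
    """Propagate taint to a fixpoint; return sorted (node_id, sink_call) findings."""
    tainted_in = {n: set() for n in cfg}   # tainted variables on entry to each node
    worklist = [entry]
    findings = set()
    while worklist:
        n = worklist.pop()
        dst, call, args = cfg[n]["stmt"]
        state = set(tainted_in[n])
        arg_tainted = any(a in state for a in args)
        if call in SINKS and arg_tainted:
            findings.add((n, call))           # tainted data reaches a sink
        if call in SOURCES:
            state.add(dst)                    # source introduces taint
        elif call in SANITIZERS:
            state.discard(dst)                # sanitizer kills taint
        elif dst is not None and arg_tainted:
            state.add(dst)                    # ordinary call/assignment propagates taint
        elif dst is not None:
            state.discard(dst)                # overwritten with clean data
        for s in cfg[n]["succ"]:
            if not state <= tainted_in[s]:    # merge at joins; revisit only on change
                tainted_in[s] |= state
                worklist.append(s)
    return sorted(findings)

if __name__ == "__main__":
    print(find_vulnerable_flows(CFG, "n1"))   # [('n6', 'sql_execute')]
```

Removing the raw-copy branch (n4) from the graph yields no findings, which is the check a practitioner would run after applying a fix.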